Re: *MAJOR SECURITY BREACH AT CCBILL**
From: l0rtamus Prime (simon@snosoft.com)
Date: 12/19/01
- Previous message: Matthew Leeds: "RE: NT Compromise"
- In reply to: Dayne Jordan: "Re: *MAJOR SECURITY BREACH AT CCBILL**"
- Next in thread: Robert van der Meulen: "Re: *MAJOR SECURITY BREACH AT CCBILL**"
- Next in thread: NESTING, DAVID M (SBCSI): "RE: *MAJOR SECURITY BREACH AT CCBILL**"
- Reply: Robert van der Meulen: "Re: *MAJOR SECURITY BREACH AT CCBILL**"
From: l0rtamus Prime <simon@snosoft.com>
To: djordan@completeweb.net
Date: 19 Dec 2001 17:49:57 -0500

Also on this note:

Did you request permission to disclose this information from CCBILL to
this list? I know that many companies prefer to deal with issues like
this on their own and have their own controlled ways of disclosing
information.

I am asking because I know of a site that has similar issues (not
nearly as serious). When I contacted the person responsible he flat out
insulted me and accused me of trying to make money off of his
vulnerability (which is not the case at all). When I asked him if he
would like me to explain the issue he said "no" and hung up the phone.

The problem with his web site is a simple Perl issue that any average
Perl programmer can figure out. Any advice on what I should do? Should
I post a full disclosure?

I have tried to contact him, his ISP (Verio) and other people but thus
far have yet to speak to anyone reasonable.

On Wed, 2001-12-19 at 15:16, Dayne Jordan wrote:
> Yes, I notified CCBILL/Cavecreek.Net at approx. 4:00am EST.
> I spoke directly with their network security.
>
> As of this morning, they are unreachable as they are all in
> a meeting. The person I spoke with this morning over there told
> me that they are meeting regarding this situation right now
> and would make an announcement to their customers soon.
>
> D.
> ============
>
> H C wrote:
> >
> > Dayne,
> >
> > > It is my opinion that Cavecreek/CCBILL has had a
> > > breach of security
> > > thus releasing user ids and logins on various
> > > servers around the
> > > internet. CCBILL's customer base is in the tens of
> > > thousands.
> >
> > Just out of curiosity, did you happen to contact
> > anyone at CCBILL prior to posting this information to
> > a public list server?
> >
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
>
>
--
Regards,
l0rtamus Prime
----------------------------------------------
"The best defense against logic is ignorance."